This Standard sets out essential elements for
establishing, implementing and managing an effective compliance program within an
organization and provides guidance in using these elements. However, this Standard is a
guide only and organizations should use the system best suited to their operations.
The implementation of some aspects of this Standard may differ for smaller organizations,
but compliance policy, commitment and responsibility apply regardless of the size of the
organization.
This Standard is not intended to take precedence over, or overlap, other management
systems such as ISO 9000, but to complement such systems by providing guidance in
developing a program for compliance with laws and regulations.
While this Standard describes a program that is intended to achieve compliance with the
law, it may also be used more widely to assist an organization in complying with codes of
practice and organizational standards. All may be dealt with in a similar manner, although
some flexibility may be necessary when addressing non-legal issues.
Legal compliance is part of an organization’s overall risk management, to which
AS/NZS 4360 offers good guidance. However, like other areas of risk management, legal
compliance has its own characteristics and needs to be considered in the light of
applicable legislation and the high standards for due diligence set by the courts. If these
standards are not met, major operational problems can result. This means that, to an
extent, legal compliance cannot always be handled under the same principles as can be
applied to other areas of risk management. The courts’ requirements for ‘due diligence’
defences have been set at a very high level, and reducing the standard of the precautions
taken, for any reason, can easily lead to a complete loss of defence, leaving company
directors and managers exposed. This Standard indicates the methods found most
satisfactory in securing proper management of legal risks.
Organizational codes and ethics have been included in the overall term ‘compliance’,
because the same standards apply to them as they do to legal compliance.